PDA

View Full Version : No logs to CMA after import



checkpointjim
2011-02-24, 16:57
I've just imported a CMA which went flawless except that there are no logs going to the new CMA. I've been reading everything written about the problem for past two days but can't come up with anything. Here's the what I've done:

New CMA, two firewalls. Rebooted firewalls, tested SIC/fetched policy, updated masters file with IP, grep in /conf directory for old SCS address (no hits). When I tcpdump for 257 I see it sending logs to the old SCS, not the one that's defined in the masters file or in the CMA. I really can't take the firewall down anymore, but does anyone have any suggestions?

checkpointjim
2011-02-24, 17:32
FYI, running R62 and R65 on gateways, and R70 MDS

marklar
2011-02-24, 18:35
In SmartDashboard do Policy->Install Database, then try installing the policy again and see if this helps.

checkpointjim
2011-02-25, 05:06
Thnanks for the suggestion, I forgot to mention I did try that, but still sending to old server.

Thorpuse
2011-02-25, 06:21
Check the Logs and Masters setting on the gateway object - you may need to manually set these with the new CMA/CLM.

Also confirm that it's not set to use local definitions for masters and logs. Or, if you're still having no joy, set it to do just that and manually edit the $FWDIR/conf/masters file yourself to point to the right place. Just be careful that you document that you've done that, because I guarantee you'll forget... :P

checkpointjim
2011-02-25, 07:36
Thanks for the suggestions. I've edited the local definition to use the IP and the hostname (while using local definitions on the gateway object), checked that Logs and Masters that it is using the new CMA. Are the logs sent out without checking the policy? I've added a static destination nat to change the destination to the new CMA, and there is no rule allowing it to the old one, but it still sends it out and is received by the old CMA (not under my management).

Thorpuse
2011-02-25, 07:58
So if you do that, you also need to change the gateway properties to "Use Local Definitions for Masters and Logs" before that take effect. Have you done this as well?

IIRC a cpstop/cpstart of the GW is required to apply that change sometimes.

checkpointjim
2011-02-27, 10:57
Still still no luck after doing above. A SIC restart ended up sending them off. Thanks again for the help.

dramirez
2011-03-01, 02:23
did you try a "Switch Active File" in Tracker? or fw repairlog?

are logs being sent to the CLM?